A broker in stolen data is selling a vast quantity of files belonging to 26 enterprises using a dark web hacker forum.

After breaching a firm’s network, hackers and other threat operators typically steal any databases left vulnerable. After exfiltrating sensitive information records, the cybercriminals work in close conjunction with data breach or data leak brokers to profit from their haul. The brokers act on their behalf, marketing the data, finding prospective buyers, and then selling the information for either a fixed price or at auction to the highest bidder.

To attract interested parties seeking to purchase the stolen data, breach brokers will typically make posts on forums frequented by hackers and other cybercriminal marketplaces established on the dark web.

A hoard of stolen data for sale

Recent posts on the hacker forum, revealed that the unknown breach broker had begun selling over 368 million user records stolen from 26 different enterprises. So far, just eight of the companies on the list present businesses with undisclosed data breaches – these include MyON.com, Teespring.com, ClickIndia.com, Sitepoint.com, Wahoofitness.com, Eventials.com and Anyvan.com.

The prices for the company databases being sold by the broker vary greatly. While the pricing has not been fixed for all the firms involved, TeeSpring’s 8.2 million data records have a price tag of between $3,800 and $4,000, while MyON’s 13 million have been valued at $2,800, and Chqbook’s one million are offered for $1,800. Other companies with databases up for sale from the same broker include Mindful.org, Accuradio.com, Reddoorz.com, Cermati.com and Netlog.com.

Enterprise responses to data breach broker activity

The breach broker’s post on the dark web forums has had a mixed response from the different firms mentioned.

Educational support organisation MyON has confirmed that its systems were breached, however it has stated that no private data belonging to students was exposed during the attack. On being alerted to its data being sold on hacker forums, MyON immediately investigated the breach and shut down all threats to both data and the customers with which it was associated.

It then made an official statement that, in accordance with both state and federal privacy laws, no customer data was compromised, and that the incident did not involve a breach of personal information records of students. The only data exposed involved encrypted passwords and login names.

TeeSpring, meanwhile, has confirmed that it is presently undertaking an investigation to assess if it has suffered a data breach, while Chqbook.com has announced that no breach took place at all on its network and that the broker’s claims are false.

It is the responsibility of any company hit by a data breach to take rapid action. Here in the UK, the Information Commissioners Office (ICO) must be notified within 72 hours of discovering an incident and a full report must be made. If customer’s data has been exposed in a breach, it is also crucial that companies alert them so they can take steps to protect themselves, such as changing their login credentials or monitoring transactions on accounts.